Drupal.org news

Come for the software, stay for the community. Drupal is an open source content management platform powering millions of websites and applications. It’s built, used, and supported by an active and diverse community of people around the world.

An update on projects created for Drupal

Sat, 10/07/2017 - 09:00

About six months ago we made a significant change to the way that modules, themes, and distributions are created on Drupal.org.

In the past, contributors had to first create a sandbox project, and then request manual review of their project in the Project Applications issue queue. The benefit of this community-driven moderation process was that modules were vetted for code quality and security issues by a group of volunteers. Project maintainers who completed this process also received the benefit of security advisory coverage from the Security Team for stable releases of their projects.

Unfortunately, the rate of project applications outpaced what volunteers could keep up with, and many worthy projects were never promoted to full project status, or moved off of Drupal.org to be hosted elsewhere.

To ameliorate this issue, we changed the process so that any confirmed user on Drupal.org may now make full projects.

To mitigate the risks of low code quality or security vulnerabilities, we added new signals to project pages, including highlighting which release is recommended by the maintainer, displaying recent test results, and indicating whether the project receives security coverage, both on the project page and in the composer 'extra' attribute. We're continuing to work on identifying additional signals of project quality that we can include, as well as surfacing some of this information in Drupal core. We also converted the project applications issue queue into a 'request security advisory coverage' issue queue.
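Because the coverage signal is also published in each package's composer 'extra' attribute, a site owner can audit a lock file for contributed projects that are not covered. The following is an added example, not code from Drupal.org; it assumes the key layout `extra.drupal.security-coverage.status` with the value `covered`, and the lock data, package names and messages are constructed.

```python
import json

# Assumed key layout (not shown on this page):
#   package["extra"]["drupal"]["security-coverage"] = {"status": ..., "message": ...}
COVERED = "covered"
DRUPAL_TYPES = ("drupal-module", "drupal-theme", "drupal-profile")

# Constructed sample composer.lock; names, versions and messages are made up.
SAMPLE_LOCK = """
{
  "packages": [
    {"name": "drupal/example_covered", "version": "1.2.0", "type": "drupal-module",
     "extra": {"drupal": {"version": "8.x-1.2",
       "security-coverage": {"status": "covered",
                             "message": "Covered by the security advisory policy"}}}},
    {"name": "drupal/example_optout", "version": "1.0.0", "type": "drupal-module",
     "extra": {"drupal": {"version": "8.x-1.0",
       "security-coverage": {"status": "not-covered",
                             "message": "Project has not opted into coverage"}}}},
    {"name": "drupal/example_beta", "version": "2.0.0-beta1", "type": "drupal-theme",
     "extra": {"drupal": {"version": "8.x-2.0-beta1"}}},
    {"name": "vendor/library", "version": "3.1.4", "type": "library", "extra": []}
  ],
  "packages-dev": [
    {"name": "drupal/example_devtool", "version": "dev-1.x", "type": "drupal-module",
     "extra": []}
  ]
}
"""


def coverage(package):
    """Return (status, message) for one lock entry; 'unknown' when metadata is absent."""
    extra = package.get("extra")
    # Tolerate a missing or non-object "extra" (an empty PHP array serialises as []).
    if not isinstance(extra, dict):
        return ("unknown", "no extra metadata")
    drupal = extra.get("drupal")
    if not isinstance(drupal, dict):
        return ("unknown", "no drupal metadata")
    cov = drupal.get("security-coverage")
    if not isinstance(cov, dict) or "status" not in cov:
        return ("unknown", "no security-coverage entry")
    return (str(cov["status"]), str(cov.get("message", "")))


def audit_lock(lock, include_dev=True):
    """List Drupal projects in a parsed composer.lock whose status is not 'covered'."""
    sections = ["packages"] + (["packages-dev"] if include_dev else [])
    findings = []
    for section in sections:
        for pkg in lock.get(section) or []:
            if pkg.get("type") not in DRUPAL_TYPES:
                continue  # plain libraries carry no Drupal coverage signal
            status, message = coverage(pkg)
            if status != COVERED:
                findings.append({
                    "name": pkg.get("name", "?"),
                    "version": pkg.get("version", "?"),
                    "section": section,
                    "status": status,
                    "message": message,
                })
    return sorted(findings, key=lambda f: f["name"])


if __name__ == "__main__":
    for f in audit_lock(json.loads(SAMPLE_LOCK)):
        print("{name} {version} [{section}]: {status} ({message})".format(**f))
```

Treating a missing entry as `unknown` rather than as covered keeps pre-release and dev packages visible in the report.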

What we hoped to see

We knew this would be a significant change for the project and the community. While many community members were excited to see the gates to contribution opened, others were concerned about security issues and Drupal's reputation for code quality.

Our prediction was that the lower barrier to contribution would result in an increase in full projects created on Drupal.org. This would indicate that new contributors or third party technology providers were finding it easier to integrate with Drupal and contribute those integrations back for use by others.

At the same time, we also expected to see an increase in the number of full projects that do not receive coverage from the security team. The question was whether this increase would be within an acceptable range, or represent a flood of low quality or insecure modules.

The results

The table below provides statistics about the full projects created on Drupal.org in the 5 months before March 17th, 2017 - when we opened the creation of full projects to all confirmed users.

| Full projects created from 2016-10-16 to 2017-03-17… | # | % of projects created in this period |
|---|---|---|
| … without stable release | 431 | 55.76% |
| … with stable releases | 342 | 44.24% |
| … with usage >= 50 sites | 237 | 30.66% |
| … with usage >= 50 sites and without stable release | 68 | 8.80% |
| … with usage >= 50 sites and with stable release | 169 | 21.86% |
| … with an open security coverage application* | 18 | 2.33% |
| Sub-total with security coverage | 342 | 44.24% |
| Sub-total without security coverage | 431 | 55.76% |
| Sub-total with security coverage and >= 50 usage | 169 | 21.86% |
| Sub-total without security coverage and >= 50 usage | 68 | 8.80% |
| Total | 773 | |

* note: full projects that did not have stable releases were not automatically opted in to security coverage when we opened the full project creation gates.

… and this table provides statistics about the projects created in the 5 months after we opened the creation of full projects to all confirmed users:

| Full projects created from 2017-03-17 to 2017-08-16… | # | Diff | % of projects created | Diff % |
|---|---|---|---|---|
| … without stable release | 851 | +420 | 69.53% | +97% |
| … with stable releases | 373 | +31 | 30.47% | +9% |
| … with usage >= 50 sites | 156 | -81 | 12.75% | -34% |
| … with usage >= 50 sites and without stable release | 64 | -4 | 5.23% | -6% |
| … with usage >= 50 sites and with stable release | 92 | -77 | 7.52% | +46% |
| … with an open security coverage application | 62 | +44 | 5.07% | +344% |
| Sub-total with security coverage | 182 | -160 | 14.87% | -53% |
| Sub-total without security coverage | 1,042 | +611 | 85.13% | +242% |
| Sub-total with security coverage and >= 50 usage | 54 | -115 | 4.41% | -32% |
| Sub-total without security coverage and >= 50 usage | 102 | +34 | 8.33% | +150% |
| Total | 1,224 | +451 | | +58% |

As you can see, we have an almost 58% increase in the rate of full projects created on Drupal.org. We can also see a significant proportional increase in two key areas: projects with greater than 50 site usage and no security coverage (up 150% compared to the previous period), and projects that have applied for security coverage (up 344% compared to the previous period). Note: this increase in applications is for projects *created in these date ranges*, not necessarily applications created overall.

This tells us that reducing friction in applying for security coverage, and encouraging project maintainers to do so should be a top priority.

Finally, this last table gives statistics about all of the projects currently on Drupal.org, regardless of creation date:

| Full projects (7.x and 8.x) | # | % of Total | Rate of change after 2017-03-17 |
|---|---|---|---|
| … with the ability to opt into security coverage | 8,718 | 36.15% | -1.33% |
| … with security coverage and stable releases | 8,377 | 34.74% | -1.49% |
| … without security coverage | 15,396 | 63.85% | +1.33% |
| … without security coverage and with stable releases | 464 | 1.92% | +1.04% |
| … with security coverage and >= 50 usage | 6,475 | 66.91 / 26.85% | -0.54% |
| … with security coverage and stable releases and >= 50 usage | 6,308 | 65.19 / 26.16% | -0.65% |
| … without security coverage and >= 50 usage | 3,202 | 33.09 / 13.28% | +0.54% |
| … without security coverage and with stable releases and >= 50 usage | 130 | 1.34 / 0.54% | +0.51% |
| Sub-total with >= 50 usage | 9,677 | 40.13% | -1.72% |
| Total | 24,114 | | |

From the overall data we see approximately what we might expect. The increase in growth of full projects on Drupal.org has led to a modest increase in projects without security coverage.

Before the project application change, all full projects with stable releases received security advisory coverage. After this change, only those projects that apply for the ability to opt in (and then do so) receive coverage.

What has this meant for security coverage of projects hosted on Drupal.org?

1.92% of all full 7.x and 8.x projects have stable releases, but do not receive security advisory coverage. It is likely no accident that this translates into 464 projects, which is nearly equivalent to the number of additional projects added compared to our old growth rate.

Of those, only 130 projects report usage on more than 50 sites (or 0.54% of all 7.x and 8.x full projects).

Next steps

From this analysis we can conclude the following:

  1. The opening of the project application gates has dramatically increased the number of projects contributed to Drupal.org.

  2. It has also increased the number of projects without security coverage, and the number of applications for the ability to opt in to coverage among new projects.

In consultation with the Security Working Group, we recommend the following:

  • For now, leave the project creation process as it stands today - open to contribution from any confirmed user on Drupal.org.

    • Less than 2% of all Drupal projects with stable releases currently lack security coverage. The rate at which this is increasing is significant (and in the wrong direction) but not rapid enough to merit changing the project application policy immediately.

  • Solve the problem of too many security advisory coverage applications. The security advisory application queue has the same problem that the old project applications queue had - not enough volunteers to manually vet all of the applications - and therefore a significant backlog of project maintainers waiting on the ability to opt into coverage.

    • Recommendation: Implement an automated best practices quiz that maintainers can take in order to be granted the ability to opt into security advisory coverage. If this process is as successful as we hope, we may want to consider making this a gate on stable releases for full projects as well.

We look forward to working with the Security Working Group to implement this recommendation and continue to improve the contribution experience on Drupal.org, while preserving code quality and security.

Drupal 8.4.0 is now available

Wed, 10/04/2017 - 22:20

What's new in Drupal 8.4.0?

This new version is an important milestone of stability for Drupal 8. It adds under-the-hood improvements to enable stable releases of key contributed modules for layouts, media, and calendaring. Many other core experimental modules have also become stable in this release, including modules for displaying form errors inline and managing workflows.

The release includes several very important fixes for content revision data integrity as well as an update to stop the deletion of orphaned files that was causing data loss for many sites, alongside numerous improvements for site builders and content authors.

Download Drupal 8.4.0

Important: If you use Drush to manage Drupal, be sure to update to Drush 8.1.12 or higher before updating Drupal. Updating to Drupal 8.4.0 using Drush 8.1.11 or earlier will fail. (Always test minor version updates carefully before making them live.)

Inline Form Errors

The Inline Form Errors module provides a summary of any validation errors at the top of a form and places the individual error messages next to the form elements themselves. This helps users understand which entries need to be fixed, and how. Inline Form Errors was provided as an experimental module from Drupal 8.0.0 on, but it is now stable and polished enough for production use.

Datetime Range

The Datetime Range module provides a field type that allows end dates to support contributed modules like Calendar. This stable release is backwards-compatible with the Drupal 8.3.x experimental version and shares a consistent API with other Datetime fields. Future releases may improve Views support, usability, Datetime Range field validation, and REST support.

Layout Discovery API

The Layout Discovery module provides an API for modules or themes to register layouts as well as five common layouts. Providing this API in core enables core and contributed layout solutions like Panels and Display Suite to be compatible with each other. This stable release is backwards-compatible with the 8.3.x experimental version and introduces support for per-region attributes.

Media API

The new core Media module provides an API for reusable media entities and references. It is based on the contributed Media Entity module.

Since there is a rich ecosystem of Drupal contributed modules built on Media Entity, the top priority for this release is to provide a stable core API and data model for a smoother transition for these modules. Developers and expert site builders can now add Media as a dependency. Work is underway to provide an update path for existing sites' Media Entity data and to port existing contributed modules to the refined core API.

Note that the core Media module is currently marked hidden and will not appear on the 'Extend' (module administration) page. (Enabling a contributed module that depends on the core Media module will also enable Media automatically.) The module will be displayed to site builders normally once related user experience issues are resolved in a future release.

Similarly, the REST API and normalizations for Media are not final and support for decoupled applications will be improved in a future release.

Content authoring and site administration experience improvements

The "Save and keep (un)published" dropbutton has been replaced with a "Published" checkbox and single "Save" button. The "Save and..." dropbutton was a new design in Drupal 8, but users found it confusing, so we have restored a design that is more similar to the user interface for Drupal 7 and earlier.

Both the "Comments" administration page at `/admin/content/comment` and the "Recent log messages" report provided by dblog are now configurable views. This allows site builders to easily customize, replace or clone these screens.

Updated migrations

This release adds date and node reference support for Drupal 6 to Drupal 8 migrations. Core provides migrations for most Drupal 6 data and can be used for migrating Drupal 6 sites to Drupal 8, and the Drupal 6 to 8 migration path is nearing beta stability. Some gaps remain, such as for some internationalization data. The Drupal 7 to Drupal 8 migration is incomplete but is suitable for developers who would like to help improve the migration and can be used to test upgrades especially for simple Drupal 7 sites. Most high-priority migrations are available.

Moderation and workflows

The Workflows module is now also stable; however, it only provides a framework for managing workflows and is not directly useful in itself. The experimental Content Moderation module allows workflows to be applied to content and is now at beta stability. Content moderation workflows can now apply to any entity types that support revisions, and numerous usability issues and critical bugs are resolved in this release.

Platform features for web services

Drupal 8.4 continues to expand Drupal's support for web services that benefit decoupled sites and applications, including a 15% performance improvement for authenticated REST requests, expanded REST functionality, and developer-facing improvements.

Further details are available about each area in the 8.4.0 release notes.

What does this mean for me?

Drupal 8 site owners

Update to 8.4.0 to continue receiving bug and security fixes. The next bugfix release (8.4.1) is scheduled for November 1, 2017.

Updating your site from 8.3.7 to 8.4.0 with update.php is exactly the same as updating from 8.3.6 to 8.3.7. If you use Drush, be sure to update to Drush 8.1.12 or higher before using it to update Drupal 8.3.7 to 8.4.0. Drupal 8.4.0 also has major updates to several dependencies, including Symfony, jQuery, and jQuery UI. Modules, themes, and translations may need updates for these and other changes in this minor release, so test the update carefully before updating your production site.

Drupal 7 site owners

Drupal 7 is still fully supported and will continue to receive bug and security fixes throughout all minor releases of Drupal 8.

Most high-priority migrations from Drupal 7 to 8 are now available, but the migration path is still not complete, especially for multilingual sites, so you may encounter errors or missing migrations when you try to migrate. That said, since your Drupal 7 site can remain up and running while you test migrating into a new Drupal 8 site, you can help us stabilize the Drupal 7 to Drupal 8 migration path! Testing and bug reports from your real-world Drupal 7 sites will help us stabilize this functionality sooner for everyone. (Search the known issues.)

Drupal 6 site owners

Drupal 6 is not supported anymore. Create a Drupal 8 site and try migrating your data into it as soon as possible. Your Drupal 6 site can still remain up and running while you test migrating your Drupal 6 data into your new Drupal 8 site. Core now provides migrations for most Drupal 6 data, but the migrations of multilingual functionality in particular are not complete. If you find a new bug not covered by the known issues with the experimental Migrate module suite, your detailed bug report with steps to reproduce is a big help!

Translation, module, and theme contributors

Minor releases like Drupal 8.4.0 include backwards-compatible API additions for developers as well as new features. Read the 8.4.0 release notes for more details on the improvements for developers in this release.

Since minor releases are backwards-compatible, modules, themes, and translations that supported Drupal 8.3.x and earlier will be compatible with 8.4.x as well. However, the new version does include some changes to strings, user interfaces, and internal APIs (as well as more significant changes to experimental modules). This means that some small updates may be required for your translations, modules, and themes. See the announcement of the 8.4.0 release candidate for more background information.

State of Drupal presentation (September 2017)

Wed, 09/27/2017 - 16:33

This blog has been re-posted with permission from Dries Buytaert's blog. Please leave your comments on the original post.

Yesterday, I shared my State of Drupal presentation at DrupalCon Vienna. In addition to sharing my slides, I wanted to provide some more detail on how Drupal is evolving, who Drupal is for, and what I believe we should focus on.

Drupal is growing and changing

I started my keynote by explaining that Drupal is growing. Over the past year, we've witnessed a rise in community engagement, which has strengthened Drupal 8 adoption.

This is supported by the 2017 Drupal Business Survey; after surveying 239 executives from Drupal agencies, we can see that Drupal 8 has become the de facto release for them and that most of the Drupal businesses report to be growing.

While the transition from Drupal 7 to Drupal 8 is not complete, Drupal 8's innovation continues to accelerate. We've seen the contributed modules ecosystem mature; in the past year, the number of stable modules has more than doubled. Additionally, there are over 4,000 modules in development.

In addition to growth, both the vendor and technology landscapes around Drupal are changing. In my keynote, I noted three primary shifts in the vendor landscape. Single blogs, portfolio sites and brochure sites, which represent the low end of the market, are best served by SaaS tools. On the other side of the spectrum, a majority of enterprise vendors are moving beyond content management into larger marketing suites. Finally, the headless CMS market segment is growing rapidly, with some vendors growing at a rate of 500% year over year.

There are also significant changes in the technology landscape surrounding Drupal, as a rising number of Drupal agencies have also started using modern JavaScript technologies. For example, more than 50% of Drupal agencies are also using Node.js to support the needs of their customers.

While evolving vendor and technology landscapes present many opportunities for Drupal, they can also introduce uncertainty. After listening to many people in the Drupal community, it's clear that all these market and technology trends, combined with the long development and adoption cycle of Drupal 8, have left some wondering what this all means for Drupal, and by extension also for them.

Drupal is no longer for simple sites

Over the past year, I've explained why I believe Drupal is for ambitious digital experiences, in both my DrupalCon Baltimore keynote and on my blog. However, I think it would be valuable to provide more detail on what I mean by "ambitious digital experiences". It's important that we all understand who Drupal is for, because it drives our strategy, which in turn allows us to focus our efforts.

Today, I believe that Drupal is no longer for simple sites. Instead, Drupal's sweet spot is sites or digital experiences that require a certain level of customization or flexibility — something I refer to as "richness".

Ambitious is much more than just enterprise

This distinction is important because I often find that the term "ambitious" becomes conflated with "enterprise". While I agree that Drupal is a great fit for the enterprise, I personally never loved that categorization. It's not just large organizations that use Drupal. Individuals, small startups, universities, museums and nonprofits can be equally ambitious in what they'd like to accomplish and Drupal can be an incredible solution for them.

An example of this could be a small business that manages 50 rental properties. While they don't have a lot of traffic (reach), they require integrations with an e-commerce system, a booking system, and a customer support tool to support their business. Their allotted budget is $50,000 or less. This company would not be considered an enterprise business; however, Drupal would be a great fit for this use case. In many ways, the "non-enterprise ambitious digital experiences" represent the majority of the Drupal ecosystem. As I made clear in my presentation, we don't want to leave those behind.

Addressing the needs of smaller organizations

The Drupal ecosystem majority are organizations with sites that require medium-to-high richness, which SaaS builders cannot support. However, they also don't need to scale at the level of enterprise companies. As the Drupal community continues to consider how we can best support this majority, a lot of smaller Drupal agencies and end-users have pointed out that they would benefit from the following two things:

  1. Powerful site building tools. They want easy-to-use site building tools that are simple to learn, and don't require dozens of contributed modules to be installed and configured. They would also prefer to avoid writing a lot of custom code because their clients have smaller budgets. Great examples of tools that would improve site building are Drupal's upcoming layout builder, workspaces and media library. To make some of Drupal's own administrative UIs more powerful and easier to use, I proposed that we add a modern JavaScript to core.
  2. Easier updates and maintenance. While each Drupal 8 site benefits from continuous innovation, it also needs to be updated more often. The new Drupal 8 release cycle has monthly patch releases and 6-month minor releases. In addition, organizations have to juggle ad-hoc updates from contributed modules. In addition, site updates have often become more complex because of our dependency on third-party libraries and because not everyone can use Composer. Many smaller users and agencies would benefit tremendously from auto-updates because maintaining and updating their Drupal 8 sites can be too manual, too complex and too expensive.

The good news is that we have made progress in both improving site builder tools and simplifying updates and maintenance. Keep an eye on future blog posts about these topics. In the meantime, you can watch a recording of my keynote (starting at 22:10), or you can download a copy of my slides (56 MB).


Drupal Business Survey 2017

Mon, 09/25/2017 - 12:02

The Drupal Business Survey 2017 shows that Drupal has a steady position in the market, and Drupal 8 has secured its role as the most popular version for new Drupal projects. Further, Drupal is often becoming part of a larger set of solutions.

The Drupal Business Survey is an annual survey that aims to give insights into the key issues that Drupal agency owners and company leaders worldwide face. The survey is an initiative of Exove, One Shoe and the Drupal Association and has been carried out this year for the second time. It covers topics about Drupal business in general, Drupal projects and talent needs. This article summarizes the most important findings along with commentary and insights from a total of 239 respondents.

Drupal is growing steadily

The Drupal Business Survey gleaned its data for 2017 from 239 respondents in a CEO/COO/CTO/founder role (87%), director role (4.6%) or management role (4.6%), working at Drupal companies with a total of 300 offices spread around the globe. The most popular office location (30.1%) was the USA. The second most popular, with 12.1%, was the UK, and after that Germany, the Netherlands, India, Canada and France. There were respondents from Africa, Asia, Europe, North America, South America and Oceania.

Analysis of the data made immediately clear that Drupal is a healthy business:

Drupal project pipeline grows

For almost half of the respondents (48.5%) the Drupal project pipeline grew within the last year. For 28.9% it stayed roughly the same, and for 22.6% the pipeline shrank.

Size of Drupal projects grows

For a majority (52.3%) of the respondents the average size of Drupal project deals grew. For about one third (31.4%) the Drupal deal size stayed roughly the same, and for only 16.3% the size of deals shrank.

Drupal’s project win rate stays roughly the same

Despite the increasing competition in the CMS market, for many (46.4%) of the companies their Drupal project win rate has stayed on the same level over the last year, and about a third (34.7%) have managed to grow their win rate. For less than a fifth of the companies (18.8%) the win rate had decreased.

Drupal’s position as a high-demand service platform is steady, especially for projects in the Charities and Non-Profit sector, which is catered to by two thirds (64.9%) of the respondents. Other popular industries that use Drupal are Government & Public Administration (56.1%) and Healthcare & Medicine (49.4%). There are no major differences in industries served by Drupal companies compared to the 2016 survey results.  

Choosing Drupal

When choosing the right platform, Drupal clients trust the technical provider’s expertise: Drupal is often chosen by the clients as a result of the provider’s recommendation. In some cases the client’s previous experience or familiarity with Drupal is the definitive factor.

Besides Drupal being open-source and free of licensing fees, the definitive reasons for choosing Drupal are that Drupal is a reliable and flexible CMS choice with a strong reputation:

Without -most often than not- being able to precisely explain the reasons for which they prefer Drupal, those who do, sense that it is a better solution for their business; we shall imagine that this is due to the image of the CMS, which evokes a more robust, and serious CMS than the others.

Can do anything. Secure.

Choosing the company

When Drupal itself is less the dominating factor for the client, other unique aspects are often key factors for clients choosing a supplier, agency, or partner. The respondents mentioned that trust, commitment, quality, level of service, full service proposition, technical expertise, good reputation, and references were important factors for client decision making.

Drupal 8 has a strong place in the market

Drupal 8, the newest version of the CMS, seems to have taken a strong place in the market. The respondents’ new Drupal projects were most commonly (38.1%) built on Drupal 8. One fourth of the respondents stated that they build mostly with Drupal 8 and some with Drupal 7. For 18% of the respondents most new projects were built with Drupal 7 and some with Drupal 8. A few (6.7%) of the respondents said their new projects are equally often built with Drupal 7 and Drupal 8. 12.1% still built all of their new projects with Drupal 7.

Drupal companies broaden their services, skill-sets, techniques and expertise

Remarkably, despite the popularity of Drupal, the survey shows that a lot of Drupal companies have changed their business model over the last year to widen their services and respond to the demand.  

The most common way of changing the business model was by expanding services beyond building Drupal websites (35.1%). The data shows that companies start to offer more services, expand their technology stack and work with multiple CMS platforms.

The main reasons behind the changes were changing market conditions (40.0%) or a willingness to grow the pipeline better or faster (49.4%). A respondent explains: “Drupal is too restricted to cover all the market's needs; furthermore, adding other services allows us to expand our clientele and thus revenues.”

More services

In addition to pure web development – coding the sites – most of the companies provide services such as support, system integration, user experience design, visual design, hosting, and mobile development.

Changing the technology stack

The companies also found adding other technologies a useful way of expanding the technology stack.

More than half of the respondents’ companies also used Node.js, while Angular (43.5%), Symfony (42.3%) and React.js (33.9%) were also commonly used technologies among the respondents. Some also used Laravel (17.2%), Vue.js (9.6%) and Django (5.9%).

Expanding their services by adding other services and CMS platforms to their toolkit

Almost half of the companies (45.2%) have added other CMS platforms to expand their services and bring variety to projects. WordPress is the most common (54.67%) addition to the toolkit, serving particularly smaller projects, with the Magento eCommerce platform and Grav CMS following. For most respondents (69.6%), the reason for using more than one CMS tool is being able to use the tool best suited for the project. For almost half (40.2%) the reason arose from the clients' wishes on the tool.

“WordPress is more popular, and customers want it because of the user experience.”

“There's still a battle out there between Drupal and WordPress. Clients are not enough informed about the differences, so their opinion is often based on information and visions by previous suppliers”

“We’re adding Adobe and wordpress. Looking into JS frameworks.”  

Drupal in a landscape of solutions

Drupal is widely considered as one of the most popular options in the CMS landscape. However, while digital solutions have become more complex, Drupal increasingly often serves as a part of a larger set of solutions. The survey data shows that Drupal companies do this in the belief that the company sells solutions rather than technology.  

There’s a broad range of options available for companies to build platforms. Every Drupal organization seeks different combinations of software products and programming languages that they deem most important for their projects. There are endless options that excel in their own right.

Our clients rarely come asking for Drupal (10% of the time). But our technical prowess is a big part of their choice. That skill just happens to be in Drupal due to our own choice of platforms.

[Our Drupal expertise is the most definitive factor] when clients approach us for Drupal projects, if Drupal is not the main reason to approach us (the most common case) then Drupal expertise is irrelevant.

When it is a Drupal project the expertise is important but we no longer sell Drupal as a major part of projects. We just use it. We now sell the solution.

I sell solutions to digital problems, not solutions to Drupal problems.

The study made it clear that there are often other definitive factors than Drupal expertise affecting the client’s decision when choosing agencies. The clients reportedly value a vendor’s portfolio and references of previous projects, reputation, communication, and services that differentiate the agency from its peers.

The Drupal talent factor

According to the survey, Drupal talent is hard to find and takes a lot of work. Only a fraction (10.9%) of the companies say that they find Drupal talent easily. Compared to last year, the demand for Drupal talent at responding companies seems to be split between decreasing (23.4%) and increasing (25.5%) demand, with demand staying about the same at 36.8%.

With Drupal 8 gaining more and more popularity, most respondents say that Drupal 8 skills are somewhat in demand (38.1%) or high demand (33.5%). 15.9% say that Drupal 8 skills are not in demand.

Most respondents ranked the number of skilled Drupal 8 developers as average (40.2%). The responses indicate that more Drupal talent is needed, especially skilled Drupal 8 developers, due to the fact that Drupal 8 is more complex than its predecessors:

2016/17 and D8 has been a big shakeout for talent in Drupal. A lot of people who could operate in commercial Drupal delivery in 2012-2015 (with demand outstripping supply markedly) simply will not be viable candidates for Drupal work in 2018. There is no 'easy' work left and many people who came in during the good times will not be able to sustain careers in the new world.

The evolution of the CMS marketplace to favor more comprehensive and thus also more complex solutions is favoring bigger companies with stronger competences through the number of experts in specific fields. This can be a struggle for small vendors, as mastering clients’ needs requires more expertise than is available on their staff:

Demand, as a whole, for Drupal seems to be significantly dropping as the increased complexity of each major release of Drupal cuts off greater and greater numbers of the ‘do-it-themselves’ business owning client/builder types. These types are prime candidates for initially using Drupal and then later turning their Drupal site over to a professional company.

Conclusion

Based on the study results, it is safe to say that Drupal has a steady position in the market, and Drupal 8 has secured its role as the most popular version for new Drupal projects.

The content management market is shifting towards more comprehensive and also complex solutions. Drupal agencies are well positioned to respond to this trend due to modern Drupal 8 architecture and also by combining Drupal into larger solutions. This drives Drupal business into larger deals and allows more long-term partnerships with the clients, thus giving financial stability to the companies and also to the community.

On the other end of the market, Drupal also faces competition from low-end solutions such as WordPress. Some of the agencies are now offering other content management solutions, WordPress included.

The market might be challenging for smaller companies with only one CMS in their toolkit. Companies that can react to changing market conditions and provide a variety of solutions are going to succeed. Additionally, companies that are able to distinguish themselves from other vendors through a good set of services, specialisation, or excellent customer service will flourish. This is all part of a natural evolution of any digital platform marketplace and it should be seen as a good juncture to raise the Drupal agencies to the next level.

Talent finding challenges indicate that there will be a need for multi-skilled developers with very good technical expertise.

Want to go in-depth?

More detailed results of the survey will be published at the DrupalCon Vienna CEO Dinner on Wednesday, September 27th. The presentation will become available for download afterwards.

-----

For more information, please contact Janne Kalliola (janne@exove.fi) or Michel van Velde (michel.vanvelde@oneshoe.com)

About Exove

Exove delivers digital growth. We help our clients to grow their digital business by designing and building solutions with agile manner, service design methodologies, and open technologies. Our clients include Sanoma, Fiskars, Neste, Informa, Trimble, and Finnlines. We serve also start-up companies, unions and public sector. Exove has offices in Helsinki, Oulu and Tampere, Finland; Tallinn, Estonia; and London, United Kingdom. For more information, please visit www.exove.com.

About One Shoe

One Shoe is an integrated advertising and digital agency with more than 10 years experience in Drupal. With more than 40 specialists, One Shoe combines strategy, UX, design, advertising, web and mobile development to deliver unique results for international clients like DHL, Shell, Sanofi, LeasePlan, MedaPharma and many more. For more information, please visit www.oneshoe.com.

About the Drupal Association

The Drupal Association is a non-profit organization headquartered in Portland, OR, USA. It helps the Drupal project and community thrive with funding, infrastructure, and events. Its vision is to help create spaces where anyone, anywhere, can use Drupal to build ambitious digital experiences. For more information, please visit drupal.org/association.

What’s new on Drupal.org? - August 2017

Tue, 09/19/2017 - 18:38

Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community.

Announcement

TLS 1.0 and 1.1 deprecated

Drupal.org uses the Fastly CDN service for content delivery, and Fastly has deprecated support for TLS 1.1, 1.0, and 3DES on the cert we use for Drupal.org, per the mandate by the PCI Security Standards Council. This change took place on 9 Aug 2017. This means that browsers and API clients using the older TLS 1.1 or 1.0 protocols will no longer be supported. Older versions of curl or wget may be affected as well.

Almost time for DrupalCon Vienna

DrupalCon Vienna is almost here! From September 26-29 you can join us for keynotes, sessions, and sprinting. Most of the Drupal Association engineering team will be on site, and we'll be hosting a panel discussion about recent updates to Drupal.org, and our plans for the future.

We hope to see you there!

Drupal.org updates

8.4.0 Alpha/Beta/Release Candidate 1

On August 3rd, Drupal 8.4.0 received its alpha release, followed on the 17th by a beta release, and on September 6th by the first release candidate. Several new stable API modules are now included in core for everything from workflow management to media management. Core maintainers hope to reach a stable release of Drupal 8.4 soon.

Improvements to Project Pages

We made a number of improvements to project pages in August, one of which was to clean up the 'Project information' section and add new iconography to make signals about project quality more clear to site builders.

In the same vein, we've also improved the download table for contrib projects, by making it more clear which releases are recommended by the maintainer, providing pre-release information for minor versions, and displaying recent test results.

Metadata about security coverage available to Composer

Developers who build Drupal sites using Composer may miss some of the project quality indicators from project pages on Drupal.org. Because of this, we now include information about whether a project receives security advisory coverage in the Composer 'extra' attribute. By including this information in the composer json for each project, we hope to make it easier for developers using Composer to ensure they are only using modules with security advisory coverage. This information is also accessible for developers who may want to make additional tools for managing composer packages.
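One way to use this metadata in a build check, as an added example that is not Drupal.org's own tooling: the script below walks a `composer.lock` and lists every Drupal project whose 'extra' attribute does not report security advisory coverage. The key path `extra.drupal.security-coverage`, its `status` and `message` fields, and the `covered` / `not-covered` values are assumptions about the metadata layout (the post above only says the information is in 'extra'); the lock file excerpt, package names and messages are constructed.

```python
import json
from typing import NamedTuple

# Constructed composer.lock excerpt. Package names, versions and messages are
# made up. ASSUMPTION: coverage is published under
# extra.drupal.security-coverage.{status,message}; the page does not name the keys.
SAMPLE_LOCK = json.loads("""
{
  "packages": [
    {"name": "drupal/example_covered", "version": "1.2.0", "type": "drupal-module",
     "extra": {"drupal": {"security-coverage":
       {"status": "covered", "message": "constructed: has advisory coverage"}}}},
    {"name": "drupal/example_uncovered", "version": "1.0.0", "type": "drupal-module",
     "extra": {"drupal": {"security-coverage":
       {"status": "not-covered", "message": "constructed: project has not opted in"}}}},
    {"name": "drupal/example_nometa", "version": "2.0.0", "type": "drupal-theme",
     "extra": []},
    {"name": "acme/http-lib", "version": "3.1.4", "type": "library"}
  ],
  "packages-dev": [
    {"name": "drupal/example_devtool", "version": "1.0.0-alpha1", "type": "drupal-module",
     "extra": {"drupal": {"security-coverage":
       {"status": "not-covered", "message": "constructed: alpha release"}}}}
  ]
}
""")


class Finding(NamedTuple):
    name: str
    version: str
    status: str
    message: str


def _dig(node, *keys):
    """Follow nested dict keys; return None as soon as a level is not a dict.

    An empty 'extra' is serialised by PHP as [] rather than {}, so every
    level has to be type-checked instead of chained with .get().
    """
    for key in keys:
        if not isinstance(node, dict):
            return None
        node = node.get(key)
    return node


def coverage_of(package):
    """Return (status, message); missing or malformed metadata is 'unknown'."""
    cov = _dig(package, "extra", "drupal", "security-coverage")
    if not isinstance(cov, dict) or not isinstance(cov.get("status"), str):
        return "unknown", "no security-coverage metadata in composer 'extra'"
    return cov["status"], str(cov.get("message", ""))


def is_drupal_project(package):
    """Only Drupal.org projects carry this metadata; skip ordinary libraries."""
    return str(package.get("type", "")).startswith("drupal-")


def audit_lock(lock, include_dev=True):
    """List Drupal projects whose coverage status is anything but 'covered'.

    Fails closed: an absent or unrecognised status is reported, not ignored.
    """
    sections = ["packages"] + (["packages-dev"] if include_dev else [])
    findings = []
    for section in sections:
        for package in lock.get(section) or []:
            if not is_drupal_project(package):
                continue
            status, message = coverage_of(package)
            if status != "covered":
                findings.append(Finding(package.get("name", "?"),
                                        package.get("version", "?"),
                                        status, message))
    return sorted(findings)


def main(lock=SAMPLE_LOCK):
    """Print findings and return a CI-style exit code (1 if any were found)."""
    findings = audit_lock(lock)
    for f in findings:
        print(f"{f.name} {f.version}: {f.status} ({f.message})")
    return 1 if findings else 0


if __name__ == "__main__":
    raise SystemExit(main())
```

To run it against a real project, replace `SAMPLE_LOCK` with `json.load(open("composer.lock"))` and confirm the key names against the metadata your packages actually ship.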

Automatic issue credit for committers

Just about the last step in resolving any code-related issue is for a project maintainer to commit the changes. To make sure these maintainers are credited for the work they do to review these code changes, we now automatically add issue credit for committers.

Performance Improvements for Events.Drupal.org

With DrupalCon coming up in September we spent a little bit of time tuning the performance of Events.Drupal.org. We managed to resolve a session management bug that was the root cause of a significant slow down, so now the site is performing much better.

Syncing your DrupalCon schedule to your calendar

A long requested feature for our DrupalCon websites has been the ability to sync a user's personal schedule to a calendar service. In August we released an initial implementation of this feature, and we're working on updating it in September to support ongoing syncing - stay tuned!

Membership CTA on Download and Extend

We've added a call to action for new members on the Drupal.org Download and Extend page, which highlights some great words and faces from the community. Membership contributions are a crucial part of funding Drupal.org and DrupalCon, but the majority of traffic we receive on Drupal.org is anonymous, and may not reach the areas of the site where we've promoted membership in the past. We're hoping this campaign will help us reach a wider audience.

DrupalCI sponsorship

DrupalCI is one of the most critical services the Drupal Association provides to the project, and also one of the more expensive. We've recently added a very small section to highlight how membership contributions help provide testing for the project - and in the future we hope to highlight sponsors who will step up specifically to subsidize testing for the Drupal project.

Infrastructure

More semantic labels for testing

In August we added more semantic labels for DrupalCI test configuration. This means that project maintainers no longer have to update their testing targets with each new release of Drupal; they can instead test against the 'pre-release' or 'supported' version, etc. More information can be found in the DrupalCI documentation.

Started PCI audit

In August we also began a PCI audit, and developed a plan of action to reduce the Drupal Association's PCI scope. Protecting our community's personal and financial information is critically important, and with a small engineering team, the more we can offload PCI responsibility onto our payment vendors the better. We'll be continuing to work on these changes into the new year.

———

As always, we’d like to say thanks to all the volunteers who work with us, and to the Drupal Association Supporters, who made it possible for us to work on these projects. In particular we want to thank:

If you would like to support our work as an individual or an organization, consider becoming a member of the Drupal Association.

Follow us on Twitter for regular updates: @drupal_org, @drupal_infra

Drupal Association Board Meeting Announcement

Mon, 09/11/2017 - 22:39

The Drupal Association Board of Directors will meet twice during DrupalCon Vienna. They have a board retreat the weekend before the conference and there is an open board meeting during DrupalCon for the community to attend. Below are details about each meeting.

Board Retreat

During a retreat, the board and the Executive Director meet in an extended executive session to plan and discuss the strategy for the Drupal Association. Normally, the retreat lasts two days and non-board members including staff are invited to participate in presentations and discussions on specific topics.

However for the upcoming retreat in Vienna, we will be exploring a holistic view of the strategy for Drupal and are structuring the retreat differently to accommodate this expanded conversation.

Open Board Meeting

The board will meet again during DrupalCon Vienna on Wednesday, 27 September from 11:45 - 13:00 in the convention center Business Suite 3-4. This is open to the community and lunch will be served to all who attend. You can also attend remotely via Zoom. See the dial in information below.

The agenda for this meeting includes:

  • Vote to approve last board meeting minutes

  • Executive Update

  • Drupal.org Update

  • DrupalCon Europe Update

  • Community Governance update from the CWG

  • Community Q&A

  • Celebrate departing board members

Those dialing into the meeting can join zoom by registering here: https://zoom.us/webinar/register/1b63252cf48650c9d746f627e8486654

Or join by phone (see link for # by country):

https://zoom.us/zoomconference?m=ZTp9iSy-nW5sqyKJKRfhbTbxDueqU9W   

Webinar ID: 460 900 173

Drupal 8.4.0-rc1 is available for testing

Thu, 09/07/2017 - 14:47

The first release candidate for the upcoming Drupal 8.4.0 release is now available for testing. Drupal 8.4.0 is expected to be released October 4.

Download Drupal-8.4.0-rc1

8.4.x includes new stable modules for storing date and time ranges, displaying form errors inline and managing workflows. New stable API modules for discovering layout definitions and media management are also included. The media API module is new in core; all other new stable modules were formerly experimental. The release also includes several important fixes for content revision data integrity, orphan file management and configuration data ordering among other things. You can read a detailed list of improvements in the announcements of alpha1 and beta1.

What does this mean to me?

For Drupal 8 site owners

The final bugfix release of 8.3.x has been released. A final security release window for 8.3.x is scheduled for September 20, but 8.3.x will receive no further releases following 8.4.0, and sites should prepare to update from 8.3.x to 8.4.x in order to continue getting bug and security fixes. Use update.php to update your 8.3.x sites to the 8.4.x series, just as you would to update from (e.g.) 8.3.4 to 8.3.5. You can use this release candidate to test the update. (Always back up your data before updating sites, and do not test updates in production.)

For module and theme authors

Drupal 8.4.x is backwards-compatible with 8.3.x. However, it does include internal API changes and API changes to experimental modules, so some minor updates may be required. Review the change records for 8.4.x, and test modules and themes with the release candidate now.

For translators

Some text changes were made since Drupal 8.3.0. Localize.drupal.org automatically offers these new and modified strings for translation. Strings are frozen with the release candidate, so translators can now update translations.

For core developers

All outstanding issues filed against 8.3.x were automatically migrated to 8.4.x. Future bug reports should be targeted against the 8.4.x branch. 8.5.x will remain open for new development during the 8.4.x release candidate phase. For more information, see the release candidate phase announcement.

Your bug reports help make Drupal better!

Release candidates are a chance to identify bugs for the upcoming release, so help us by searching the issue queue for any bugs you find, and filing a new issue if your bug has not been reported yet.

Kickstarting the Drupal Community Spotlight

Thu, 08/31/2017 - 17:23

Let's face it, it's been a crappy year in many ways. Internally and externally there are pressures that have made all of us think "what's the point?"

Instead of a world where we build and move forward together there is conflict, uncertainty, and so many why moments. From the macro to the micro, communities and ecosystems are struggling. The ideals of open source software often feel exploited, and the feeling of wonderment and discovery as we build together has been cast aside to something that feels very much like... well, work.

Drupal has not been immune. Like I need to tell you that.

For those of us that are optimists, and change makers, and idealists, and believers, nothing hits home the impact of our work more than stories about how we use this code called Drupal to create impact. I think the world needs a little of that right now.

So, we have a team, we have energy and we are ready to shine the crap out of the brilliance of the people behind, in front, and to the side of Drupal.

I for one am looking forward to us injecting so much positivity into this community that even the chronic eye rollers won’t be able to help but give a slight smile.

A highlight of DrupalCon: the live code commit! Photo by Michael Cannon

The first thing we are working on is getting a way to start collecting stories. We might use a form. Or we might build an entire website. Just coz we can. So how about y’all give me a *whoop* *whoop* and start thinking about helping the Drupal Spotlight Committee unlock stories of Drupal impact from across the globe. It’s going to be fun.

Help us Celebrate Community Heroes. Join the Community Spotlight Committee

Thu, 08/17/2017 - 16:23

TL;DR: Our community is full of amazing people. Let’s celebrate them. Join the Community Spotlight committee to review community-nominated heroes so we can recognize and celebrate those who have contributed to Drupal in special ways.

+++++++++++++

Drupal is a single expression of collaboration amongst thousands of people from around the world who are passionate, smart, and caring. They donate countless hours, moving the project forward by contributing code, mentoring new contributors, writing documentation, organizing camps, sharing knowledge, and so much more. These selfless acts are Drupal’s lifeblood and deserve being celebrated and appreciated.

It’s clear from a recent #drupalthanks twitter-fest that our community is eager to show their appreciation for each other. That is why the Drupal Association, with the help of Lyndsey Jackson, is re-launching Community Spotlight, a program that highlights community-nominated heroes who have contributed to the project in a special way. This program went on hold last year when the Drupal Association downsized, making the organization more sustainable. Lyndsey offered to bring the program back by forming a committee who will select nominees to be highlighted on Drupal.org and through Drupal Association communication channels.

The Drupal Association is thankful for Lyndsey’s passion for celebrating the community and for making time to bring Community Highlights back. Lyndsey has a great vision for the program. In her own words, she says: "We want the Community Spotlight to represent a shared story or an experience that will resonate and connect with where the community and the project is at that point in time. We want to highlight the depth of experience that exists, and the evolving potential through emerging leaders and new energy"

Will you join the Community Spotlight Committee?

Lyndsey is creating a Community Spotlight committee to drive this important program forward. It will consist of 3-5 people with diverse backgrounds. They will review the community-nomination forms and pick who we will celebrate. They will also help convert the nomination form into a blog post, which the Drupal Association will promote. The monthly time commitment would be about 2-4 hours. This group also has the autonomy to evolve the program. I’m sure there are many ways we can improve how we celebrate our community.

To join this committee, please complete this form

Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-004

Wed, 08/16/2017 - 18:38

Drupal 8.3.7 is a maintenance release which contains fixes for security vulnerabilities.

Download Drupal 8.3.7

Updating your existing Drupal 8 sites is strongly recommended (see instructions for Drupal 8). This release fixes security issues only; there are no new features nor non-security-related bug fixes in this release. See the 8.3.7 release notes for details on important changes and known issues affecting this release. Read on for details of the security vulnerabilities that were fixed in this release.

Description

Views - Access Bypass - Moderately Critical - Drupal 8 - CVE-2017-6923

When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitigated if you have access restrictions on the view.

It is best practice to always include some form of access restrictions on all views, even if you are using another module to display them.

REST API can bypass comment approval - Access Bypass - Moderately Critical - Drupal 8 - CVE-2017-6924

When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments.

This issue only affects sites that have the RESTful Web Services (rest) module enabled, the comment entity REST resource enabled, and where an attacker can access a user account on the site with permissions to post comments, or where anonymous users can post comments.

Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical - Drupal 8 - CVE-2017-6925

There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on different revisions of the same entity.

Versions affected

  • Drupal core 8.x versions prior to 8.3.7

Solution

Install the latest version:

Drupal 7 core is not affected; however, Drupal 7 Views is: see Views - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-068

Also see the Drupal core project page.

Reported by

  • Views - Access Bypass
  • REST API can bypass comment approval - Access Bypass
  • Entity access bypass for entities that do not have UUIDs or protected revisions - Access Bypass

Fixed by

  • Views - Access Bypass
  • REST API can bypass comment approval - Access Bypass
  • Entity access bypass for entities that do not have UUIDs or protected revisions - Access Bypass

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity

What’s new on Drupal.org? - July 2017

Thu, 08/03/2017 - 21:41

Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community.

Drupal.org updates

Better Distribution packaging

Distributions are a cornerstone of Drupal, giving site-builders a head start by packaging together proven modules and themes from contrib to build a Drupal site to purpose. In July we spent some time improving the functionality for packaging distributions on Drupal.org, by updating Drupal.org's packaging system to use Drush 8. This resolves several issues:

We hope that these changes will help distribution maintainers

reCAPTCHA

One of the key tools we use to prevent spam on Drupal.org is Mollom, which will reach end of life next year. To replace it, we've implemented reCAPTCHA on Drupal.org, and updated our privacy policy accordingly. We have not yet disabled Mollom, because Mollom is a content analysis tool in addition to a captcha tool. Because reCAPTCHA does not duplicate that content analysis functionality we'll be monitoring spam attack patterns on Drupal.org to see whether reCAPTCHA will be sufficient as a standalone replacement.

Easier addition of new documentation guides and pages

It's hard to believe that the new documentation system has been in use for almost a year. We've made a number of improvements after the initial release to improve usability for both contributors and maintainers of documentation, and to encourage project maintainers to migrate their docs. One piece of feedback we've heard several times is that the 'add content' links in the sidebar of a documentation guide were too difficult to find. To make it easier for documentation contributors to add new sub-guides and pages, we've added a new page link to the 'Edit' menu of documentation guides.

Webmasters and documentation moderators can administer all docs

Finding maintainers for the over 12,000 pages of documentation on Drupal.org continues to be a challenge, and so we've given all users with the Webmaster and Documentation Moderator role the ability to administer any documentation guide. This will expand the pool of users who can help to manage documentation and manage documentation maintainers. Good documentation for a project with Drupal's scale is a community-driven effort and we're incredibly thankful for all the volunteers who contribute.

Any confirmed user may claim unmaintained documentation guides

We also now allow any unmaintained guide to be claimed by any confirmed user—automatically adding them as the maintainer for that guide. This should make it much easier for new contributors to take up the mantle of maintaining sections of documentation on Drupal.org.

Learn more about maintaining documentation by reading our content guidelines.

For evaluators

Updated industry page call to action

The Drupal.org industry pages are a new experiment for the Drupal Association this year, with a goal of reaching out to Drupal evaluators in specific markets. The success stories we showcase on these pages demonstrate the power of Drupal in these industries, but we also want these pages to be an opportunity to connect evaluators with experts who can help them achieve their goals with Drupal. To enhance our efforts to connect Drupal evaluators to experts in their industry, we've added an additional call to action at the top of the industry page to encourage evaluators to connect with experts.

Front page case study promotion for supporting partners and top contributors

In July we laid the groundwork for promoting a second row of case studies on the Drupal.org home page. The second row will feature case studies from supporting partners and top Drupal contributors. These will not replace the existing row of case studies that are featured through the community process, but will supplement these case studies with additional stories from organizations that support the Drupal project through monetary and issue contribution. Watch for these new stories in the coming months.

Digital tote for Vienna

For DrupalCon Vienna we're implementing a new digital tote bag to deliver benefits to DrupalCon attendees provided by our event sponsors. This digital totebag will feature content for attendees from our Diamond, Platinum, and Gold sponsors.

Speaking of DrupalCon Vienna - prices are about to go up by €50 + VAT - so make sure to register before early bird ends on Friday.

Infrastructure

Audit of monitoring and backups

One of the first steps our new infrastructure partner is undertaking is an audit of our monitoring and backup regime, to ensure that we are well-prepared for disaster recovery and mitigation. While our internal team (with the help of dedicated volunteers) has maintained these existing systems, the current system is something of a patchwork of several tools, and we're hopeful that we can consolidate our tools and process and make them more robust and efficient.

———

As always, we’d like to say thanks to all the volunteers who work with us, and to the Drupal Association Supporters, who made it possible for us to work on these projects. In particular we want to thank:

  • Deeson - Renewing Premium Supporting Partner
  • Bits Creative Agency - *NEW* Classic Supporting Partner
  • Tag1 - *NEW* Signature Supporting Partner
  • Pantheon - Renewing Premium Hosting Supporting Partner

If you would like to support our work as an individual or an organization, consider becoming a member of the Drupal Association.

Follow us on Twitter for regular updates: @drupal_org, @drupal_infra

Take the Survey on the Community Governance Summit

Tue, 07/18/2017 - 15:28

I recently shared the community needs and potential strategies for evolving community governance, which resulted from the Community Discussions we held in person and online throughout April and May. You can find the webinar recording and written transcript, as well as the meeting minutes from all Community Discussions, at https://www.drupal.org/community/discussions.

Many community members who participated in these discussions agreed that the next step to take in this process is to hold a Community Governance Summit. However, we are not yet clear on where and when this event should take place, who should participate, and several other important details. I worked with community members to develop this survey so we can answer those questions.

Please take 5 minutes to take this community survey and tell us your thoughts about the Community Governance Summit. This survey will remain open until 11:59pm EDT on July 28, 2017. We will analyze the findings and report back on what we learned in a follow-up blog post by Friday, August 4.

Thank you for your time and participation.

Drupal Association Board Meeting Summary - 28 June, 2017

Sat, 07/15/2017 - 21:09

On 28 June, 2017, the Drupal Association Board held the second of four annual public meetings. It was a full meeting where staff provided operational updates and gained some strategic direction from board members on how to proceed in various areas. Some highlights included:

  • Summary of DrupalCon Baltimore’s performance and impact.

  • Progress on securing future DrupalCon locations.

  • Discussion on how to unblock community outreach efforts by making appropriate changes to the Drupal.org privacy policy

  • An update on the Drupal.org infrastructure RFP that was recently awarded to Tag1.

Whitney Hess also attended the board meeting to give an update on the Community Discussion work and invited the community to attend her webinar that shared her findings and next steps. You can learn more and watch the recorded webinar here.

Also, Jamie Nau, our “virtual CFO” from Summit CPA attended the meeting to review April 2017 financial statements, which showed that DrupalCon Baltimore exceeded expectations, positioning the Drupal Association for a healthier year, financially. This is encouraging news as we work through our financial turnaround, which started a year ago.

In an effort to be more transparent about board activities, the board chose to use this public forum to vote to approve the January through April 2017 financial statements. April 2017 financial statements showed that April was a successful month primarily due to DrupalCon Baltimore's strong financial performance. 

You can find the meeting minutes and board materials here

We were pleased to have community members attend and invite you to attend our next board meeting on 27 September, 2017 at noon CEST. It is located in the DrupalCon Vienna convention center and can also be attended via Zoom.

How you can help during our membership campaign

Tue, 07/11/2017 - 22:47

Join in the fun during the Drupal Association membership campaign happening now through August 4. We're providing personalized certificates of membership to individual and organization members who join or renew during the campaign and we need your help spreading the word.

The campaign has two goals: help us deliver 500 certificates and raise $18,250 during July 10-August 4. By sharing and encouraging Drupal users and people in the community to join us, you'll help us meet these goals. If we are told by 5 or more members that you referred them to us during this campaign, we'll thank you on social media.

Grab words and graphics from this post and share away. If you are a member who would like your own certificate let us know and we'll send one your way. Post your selfie or hang your certificate on the wall. Thanks for sharing!

Social

Share why you are a member.


Graphics

Use these with https://www.drupal.org/association/campaign/certificate-2017


300 x 250px


440 x 220px (good for Twitter)


300 x 140px

Thank you for supporting the Drupal Association and for being part of our community.


Now Available: The Community Discussions Webinar Recording

Fri, 07/07/2017 - 01:09

Last week, we shared the high-level findings from our recent Community Discussions. Today, Whitney Hess hosted a webinar to explain those findings in depth, along with proposals from the community on how to evolve community governance.

We encourage you to watch the video and post your questions in the comment section here. If you have comments but wish to remain private, Whitney asks you to email her directly at whitney@whitneyhess.com.

You can find the transcript here.

Community Discussions Findings and Webinar

Wed, 06/28/2017 - 17:46

Over the last few years, many of us have seen the need to evolve community governance. Up until now, we had to focus on other priorities, but now is the time to address our needs for community governance especially in light of recent community events.

Our project has matured greatly and participation has expanded from developers and site builders to also include more content editors, designers, and marketing managers who work not only as freelancers or at Drupal shops, but also for large digital agencies or system integrators. We want all community members to be included in these community discussions so the redefined community governance serves everyone. This is an exciting time to create an even healthier future for our ever-growing community.

The Drupal Association is committed to staying in a support role as the community determines how to best evolve community governance to support everyone’s needs. We started helping by hosting Community Discussions that were mediated by Whitney Hess. There were 7 sessions at DrupalCon Baltimore and 7 virtual sessions between April and May. You can find the meeting minutes here.

The Community Discussions surfaced several common needs and identified several strategies for addressing those needs.

The most commonly shared needs of the community are (in order of frequency):

  • Awareness

  • Participation

  • Transparency

  • Clarity

  • Contribution

  • Healing

  • Trust

  • Understanding

  • Communication

  • Connection

  • Empowerment

  • Process

  • Progress

Strategies to address those needs included clarifying the responsibilities and boundaries of the leadership roles throughout the Drupal project, determining how and where to communicate community decisions, improving processes for community management, providing easier access to documentation about leadership roles, and clearly communicating what is expected of Drupal community members.

In terms of next steps, the participants were in agreement that we need to come together in a Governance Summit to start architecting improvements to today’s governance structure. However, the community did not define the best way to hold this meeting. It is still unclear when and where it should be, and who should participate and facilitate. We will send out a community survey next to get input from you to answer these questions.

Attend The Webinar

We invite you to attend a webinar on July 6 at 11 am ET / 1600 BST / 8:30 pm IST hosted by Whitney Hess. Whitney will review the findings from our Community Discussions in more detail. We will record the video and share it with you afterwards, along with a written transcript.

Dial in details are below:

Video:

   https://zoom.us/j/589988397

Or Telephone:

   Dial: +1 646 558 8656 (US Toll) or +1 408 638 0968 (US Toll)

   Meeting ID: 589 988 397

   International numbers available:    

   https://zoom.us/zoomconference?m=KQN5xFuem0PrbwaqFQC3HJyEWuwQ7QHT

Thank you for your patience and participation as we tackle these big questions and move forward together as a stronger community.

Calling all Drupal Agency Leaders: Participate in the 2017 Drupal Business Survey

Mon, 06/26/2017 - 16:06

Surrounding Drupal is a thriving global business ecosystem and thanks to collaboration with One Shoe and Exove, we’ve created an annual survey that gives insight into its health, focus, and needs. Businesses benefit by learning from their peers and seeing Drupal’s business trends. This survey also helps the Drupal Association find new ways to help support this community. Analysis of the 2016 edition of the survey can be found here.

We encourage all business leaders to take this year’s Drupal Business Survey.  

The survey aims to provide a picture of the current Drupal Business landscape, including the health of Drupal companies, obstacles and enablers for Drupal’s business success and D8 adoption.

Participation is completely anonymous and takes fewer than 10 minutes. The first results will be presented at the Drupal CEO Dinner at DrupalCon Vienna on Wednesday, September 27th, 2017. Analysis and insights will officially be published on Drupal.org and in Drupal Watchdog Magazine.

Participate!

You can participate anytime now until July 19th, 2017.

The survey can be accessed here.

Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-003

Wed, 06/21/2017 - 19:44

Drupal 8.3.4 and Drupal 7.56 are maintenance releases which contain fixes for security vulnerabilities.

Download Drupal 8.3.4 Download Drupal 7.56

Updating your existing Drupal 8 and 7 sites is strongly recommended (see instructions for Drupal 8 and for Drupal 7). This release fixes security issues only; there are no new features nor non-security-related bug fixes in this release. See the 8.3.4 release notes and the 7.56 release notes for details on important changes and known issues affecting this release. Read on for details of the security vulnerabilities that were fixed in this release.

  • Advisory ID: DRUPAL-SA-CORE-2017-003
  • Project: Drupal core
  • Version: 7.x, 8.x
  • Date: 2017-June-21
  • Multiple vulnerabilities

Description

PECL YAML parser unsafe object handling - Critical - Drupal 8 - CVE-2017-6920

PECL YAML parser does not handle PHP objects safely during certain operations within Drupal core. This could lead to remote code execution.

File REST resource does not properly validate - Less Critical - Drupal 8 - CVE-2017-6921

The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) module enabled, the file REST resource is enabled and allows PATCH requests, and an attacker can get or register a user account on the site with permissions to upload files and to modify the file resource.

Files uploaded by anonymous users into a private file system can be accessed by other anonymous users - Moderately Critical - Drupal 7 and Drupal 8 - CVE-2017-6922

Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system.

The security team has also received reports that this vulnerability is being exploited for spam purposes, similar to the scenario discussed in PSA-2016-003 for the public file system.

Versions affected
  • Drupal core 7.x versions prior to 7.56
  • Drupal core 8.x versions prior to 8.3.4
Solution

Install the latest version:

Also see the Drupal core project page.
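
The affected-version ranges and per-issue conditions above, turned into a triage helper for a site inventory. This is an added example, not code from the advisory or the Drupal project; the condition names are hypothetical labels for the preconditions the advisory describes.

```python
import re

# Constructed from the advisory text above: first fixed release per branch.
FIXED = {7: (7, 56), 8: (8, 3, 4)}
# Affected branches and the site conditions the advisory names for each issue.
# The condition keys are hypothetical names chosen for this example.
ISSUES = {
    "CVE-2017-6920": ({8}, set()),
    "CVE-2017-6921": ({8}, {"rest_module_enabled", "file_resource_allows_patch",
                            "users_can_upload_and_edit_files"}),
    "CVE-2017-6922": ({7, 8}, {"anonymous_upload_to_private_files"}),
}


def parse_core_version(text):
    """Parse a stable core version such as '7.55' or '8.3.3' into a tuple."""
    if not re.fullmatch(r"\d+(\.\d+){1,2}", text.strip()):
        # Dev, alpha, beta and rc builds need manual review; do not guess.
        raise ValueError("not a stable release string: %r" % text)
    return tuple(int(part) for part in text.strip().split("."))


def triage(version_text, site_facts=()):
    """Return {cve: status} for one site.

    status is 'out-of-scope' (branch not named for that issue), 'fixed',
    'exposed' (vulnerable release and every named condition holds) or
    'update-required' (vulnerable release, conditions not all confirmed).
    """
    version = parse_core_version(version_text)
    branch = version[0]
    facts = set(site_facts)
    report = {}
    for cve, (branches, conditions) in ISSUES.items():
        if branch not in branches:
            report[cve] = "out-of-scope"
        elif version >= FIXED[branch]:
            report[cve] = "fixed"
        elif conditions <= facts:
            report[cve] = "exposed"
        else:
            report[cve] = "update-required"
    return report
```

A site reported as 'update-required' is still running a vulnerable release; the status only records that the advisory's preconditions were not confirmed for it.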

Reported by

PECL YAML parser unsafe object handling
File REST resource does not properly validate
Files uploaded by anonymous users into a private file system can be accessed by other anonymous users

Fixed by

PECL YAML parser unsafe object handling
File REST resource does not properly validate
Files uploaded by anonymous users into a private file system can be accessed by other anonymous users

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity

Drupal version: Drupal 7.x, Drupal 8.x

Growing community in Moldova

Tue, 06/20/2017 - 17:03

This guest blog post is from Drupal Moldova's Association (not affiliated with Drupal Association). Get a glimpse of what is happening in Moldova's community and how you can get involved.

Drupal Moldova Association’s mission is to promote Drupal CMS and Open Source technologies in Moldova, and to grow and sustain the local community by organising Events, Camps, Schools, Drupal meetups and various Drupal and Open Source related trainings, and by establishing partnerships with Companies, the Government, and NGO’s.

Come and share your expertise in Moldova at our events! We're looking for international speakers to speak about Drupal and open source.

Among DMA’s (short for Drupal Moldova Association) numerous commitments, the following are of special importance:

  • to gather the community around Drupal and Open Source technologies;

  • to train students and professionals who want to learn and work with Drupal;

  • to organise events to keep the community engaged and motivated to improve, learn, and share experience;

  • to make sure Drupal is accessible to everyone by offering scholarships to those who can't afford our programs;

  • to elaborate a well defined program that helps students learn Drupal, acquire enough knowledge to get accepted for internships by IT companies, and be able to build Drupal powered websites;  

  • to assist new IT companies in establishing a local office, promote themselves, collaborate with other companies, and connect with the local Drupal community by giving them the opportunity to support our projects.

Over the last 5 years, we have been dedicated to achieving our goals! DMA have organized over 20 projects and events, including Drupal Global Training Days, Drupal Schools, and the regional DrupalCamp -- Moldcamp. Our projects have gathered over 700 local and international participants and speakers, and more than 15 International Companies that have supported us during these years (FFW, Adyax, IP Group, Intellix, Endava and many others).

Moldova is rich in great developers and people driven to take initiative and to grow and place the country on the world map. We are aiming to go beyond our limits and have a bigger impact in the year (‘17-’18), therefore we have created a yearly plan that contains projects similar to those we have done in the past years, as well as new and exciting ones:

  • Drupal School (3 step program), starting with Drupal School 8 plus PHP (step 1): Drupal School is an educational program - split into 2 months, 25 courses of different levels (Beginner, Intermediate, Advanced). Drupal School aims to introduce people to Drupal 8 and PHP, and help them become Drupal professionals;

  • Moldcamp 2017: Sep - Oct 2017. A regional DrupalCamp that gathers around 150 Drupal professionals, enthusiasts, beginners and any-Drupal-related-folk in one place for knowledge-sharing, presentations, networking, etc. We will announce the event soon and allow speaker registration. Please follow us and don’t miss out on the opportunity;

  • Drupal Global Training Day: Dec 1-2. A one-day workshop that has the purpose of introducing people to Drupal, both code and community.

  • Drupal Meetups: These are organized each month and they allow our community to be active and share knowledge.

  • Tech Pizza: Jun, Aug, Oct, Dec. A bi-monthly event, where the ICT community can gather in a casual and informal environment around a pizza and soda and discuss the latest IT trends and news. The core of this event is a speaker / invitee from abroad with a domain of expertise;

  • Moldova Open Source Conference: March 2018. It is a regional conference for over 200 participants that aims to gather all the Open Source Communities (Wordpress, Laravel, Ruby on Rails, JavaScript, etc.) under one roof, where they will attend sessions that enhance the expertise of existing experts in various Open Source technologies and allow them to mix their technologies into new ideas.

The proposed program “Drupal and Open Source in Moldova 2017 - 2018” is made possible through the support of USAID and the Swedish Government. Thanks to these organizations we can focus on the quality of our projects and make sure they happen as planned. Also, we have a very important partnership with Tekwill / Tekwill Academy, which helps us even more in our quests.

We start with School of Drupal 8 plus PHP program, which will be held on 19th of June 2017. So far we have 3 sponsors--IPGroup, Adyax and Intellix--and two trainers.

We, The DMA, believe in pushing the limits! Our long term goal is to build and maintain a big and active Open Source community by attracting more local and International participants to our Projects and Events, and continuously improve our sessions. This will make our presence felt in the global Drupal and Open Source communities and markets. Find us on Twitter @drupalmoldova, or on our Facebook page. If you are interested in speaking in Moldova, contact us at info@drupalmoldova.org.

DrupalCon Vienna t-shirts are back! - but there’s a catch.

Fri, 06/02/2017 - 16:42

Remember how we are making changes to DrupalCon Europe? These were hard decisions and some things we love we found just weren’t financially viable. Like free t-shirts. But one thing we heard a lot was “please don’t take away the t-shirts!”  

We heard you. And while it doesn’t make financial sense to give free t-shirts to all attendees, we still want to be able to continue to offer them. So we’ve come up with a plan.   

At DrupalCon Vienna, t-shirts will be offered to the following groups:

  • Individual Drupal Association members who register for DrupalCon Vienna between 5 - 16 June 2017. You must register in this two week window AND be an individual member of the Drupal Association.

  • Volunteers who work at least four (4) hours onsite in Vienna 26 - 29 September. You must check the volunteer box during registration and must show up on site to volunteer for four (4) hours or until released by event staff.

  • Volunteers as part of the DrupalCon Program Team

  • Sprint Mentors

The fine print FAQ

I’m already a member, how do I make sure that I'll get a shirt?

If you are already an individual member, you get a t-shirt! BUT you MUST register in the first two weeks of ticket sales. Registrations after 16 June will not receive a t-shirt, member or not.

I’m not a member, can I do that during registration and still get a shirt?

Yes. If you are not a member you can become an individual member during your conference registration. You will be presented with a page during check-out that gives you the option to become a member.

I already registered but JUST saw this post! What do I do?

If you are a true early bird and register in the two weeks, but somehow missed this news post until after registering - that’s ok. As long as you become a member before the end of 16 June, you’ll still get a t-shirt.

The registration didn’t say anything about t-shirts or ask for my t-shirt size? What’s up?

After the 16 June cut-off date, eligible registrants will receive an email confirming their t-shirt along with a link to select their t-shirt size.

You got a session selected? Great!

We’ll refund your registration amount (but not your membership) and you get to keep the t-shirt. Our regular no-refund policy applies to all other sales.

You’re part of an organization that is buying a bulk amount of tickets for employees? Lucky you.

Your organization should provide you with an individual redemption code. You’ll need to redeem your individual registration before 16 June AND also be an individual member of the Drupal Association in order to get a t-shirt.
